﻿@page "/account/manage/2fa"

@using Microsoft.AspNetCore.Identity
@inject UserManager<AdminUser> UserManager

<LayoutPageTitle>Two-factor authentication (2FA)</LayoutPageTitle>

@if (_is2FaEnabled)
{
    <div class="p-4 bg-white border border-gray-200 rounded-lg shadow-sm dark:border-gray-700 sm:p-6 dark:bg-gray-800">
        <h3 class="text-xl font-bold text-gray-900 dark:text-white mb-4">Two-factor authentication (2FA)</h3>

        @if (_recoveryCodesLeft == 0)
        {
            <div class="mb-4 p-4 bg-red-100 border-l-4 border-red-500 text-red-700 dark:bg-red-900 dark:text-red-100">
                <p class="font-bold">You have no recovery codes left.</p>
                <p>You must <a href="account/manage/generate-recovery-codes" class="text-red-800 dark:text-red-200 underline">generate a new set of recovery codes</a> before you can log in with a recovery code.</p>
            </div>
        }
        else if (_recoveryCodesLeft == 1)
        {
            <div class="mb-4 p-4 bg-red-100 border-l-4 border-red-500 text-red-700 dark:bg-red-900 dark:text-red-100">
                <p class="font-bold">You have 1 recovery code left.</p>
                <p>You can <a href="account/manage/generate-recovery-codes" class="text-red-800 dark:text-red-200 underline">generate a new set of recovery codes</a>.</p>
            </div>
        }
        else if (_recoveryCodesLeft <= 3)
        {
            <div class="mb-4 p-4 bg-yellow-100 border-l-4 border-yellow-500 text-yellow-700 dark:bg-yellow-900 dark:text-yellow-100">
                <p class="font-bold">You have @_recoveryCodesLeft recovery codes left.</p>
                <p>You should <a href="account/manage/generate-recovery-codes" class="text-yellow-800 dark:text-yellow-200 underline">generate a new set of recovery codes</a>.</p>
            </div>
        }

        <div class="flex space-x-4">
            <a href="account/manage/disable-2fa" class="px-4 py-2 bg-primary-600 hover:bg-primary-700 text-white font-medium rounded-lg text-sm focus:ring-4 focus:outline-none focus:ring-primary-300 dark:bg-primary-600 dark:hover:bg-primary-700 dark:focus:ring-primary-800">Disable 2FA</a>
            <a href="account/manage/generate-recovery-codes" class="px-4 py-2 bg-primary-600 hover:bg-primary-700 text-white font-medium rounded-lg text-sm focus:ring-4 focus:outline-none focus:ring-primary-300 dark:bg-primary-600 dark:hover:bg-primary-700 dark:focus:ring-primary-800">Reset recovery codes</a>
        </div>
    </div>
}

<div class="p-4 bg-white border border-gray-200 rounded-lg shadow-sm dark:border-gray-700 sm:p-6 dark:bg-gray-800">
    <h4 class="text-lg font-semibold text-gray-900 dark:text-white mb-4">Authenticator app</h4>
    <div class="flex flex-col sm:flex-row space-y-2 sm:space-y-0 sm:space-x-2">
        @if (!_hasAuthenticator)
        {
            <LinkButton Href="account/manage/enable-authenticator" Color="primary" Text="Add authenticator app" />
        }
        else
        {
            <LinkButton Href="account/manage/enable-authenticator" Color="primary" Text="Add authenticator app" />
            <LinkButton Href="account/manage/reset-authenticator" Color="primary" Text="Reset authenticator app" />
        }
    </div>
</div>

@code {
    private bool _hasAuthenticator;
    private int _recoveryCodesLeft;
    private bool _is2FaEnabled;

    /// <inheritdoc />
    protected override async Task OnInitializedAsync()
    {
        await base.OnInitializedAsync();

        var user = await UserManager.FindByIdAsync(UserService.User().Id);
        if (user == null)
        {
            throw new InvalidOperationException("User not found.");
        }

        _hasAuthenticator = await UserManager.GetAuthenticatorKeyAsync(user) is not null;
        _is2FaEnabled = await UserManager.GetTwoFactorEnabledAsync(user);
        _recoveryCodesLeft = await UserManager.CountRecoveryCodesAsync(user);
    }
}
